A few days ago we reported on the fact that applications which have administrative rights in Vista (given by the user, of course) can disable User Account Protection altogether. This was seen as a security flaw; Ars, however, begs to differ: "When UAC is disabled, Vista gripes loudly about it. The Windows Security Center immediately notes that UAC has been turned off, and it prompts you to turn it back on using a system tray notification. From our own testing, it appears impossible to disable UAC without the Security Center noticing it, which makes it rather unlikely that a user is end up in a less secure state."

Yeah, that's technically true. But once a malicious app (see my previous post) gets a privileged process running, it doesn't need to care about logging in. It can use the privileged process as a proxy to do its bidding. So, bottom line, once a user lets a privileged process run -- regardless of whether it's Windows or 'nix -- no OS is secure.

But you see, most users of alternative OSes(I mean non-Windows users) basically have more skills and knowledgements on computers in general I rekon. They could figure out whether it is some kind of trojan or not.

Also there are a lot of window managers which look totally different from each others. If I use Enligntenment R17 for DE, a GNOME/KDE app pops up and asks for root password, I think I could figure out easily even without much knowledge! As there are so many choices for DE/window manager in open source world, it is hard to guess users environment. I know I know that most users use GNOME or KDE. But..

Anyway, because there is no way to turn off privilege thing in *nix world, it is impossible a malicious app gets a privileged process running or at least a lot harder than Windows. period.

I don't mean *nix is perfect but at least a lot more secure than Windows. And I feel comfortable on *nix because of it.